SECTION

TYPE OF ARTICLE

CHANNELS

KEYWORDS

Newswise — BIRMINGHAM, Ala. – Researchers at the University of Alabama at Birmingham have developed a new method for two-factor authentication via wearables using speech signals.

Reducing the number of tasks users have to perform during traditional two-factor authentication has been an area of focus for emerging technology and security researchers. One method proposed involves using ambient noise to detect the proximity between the two devices being used for authentication, which eliminates the need for a user to type in a numerical code. However, UAB researchers contend this method would leave users vulnerable to malicious mobile device attacks.

“Listening-Watch offers two key security features,” said Nitesh Saxena, Ph.D., professor in the UAB College of Arts and SciencesDepartment of Computer Science. “It uses random code encoded into speech to withstand remoteattackers. Low-sensitivity microphones found in current wearable devices cannot capture distant sounds, which will thwart proximity attackers.”

In a real-world scenario, two-factor authentication using “Listening-Watch” would be implemented by using an application installed on the wearable device. Push messages would prompt the device to record and decode speech sounds played by the browser. When a user attempts to log in, the browser of the primary device, such as a PC terminal, laptop, smartphone or tablet, plays back a short random code encoded into human speech, and the login succeeds if the watch’s audio recording contains the same code and is similar enough to the browser’s audio recording. The speech is decoded using voice recognition technology.

Saxena is the director of the Security and Privacy In Emerging computing and networking Systems lab and the UAB CyberCorps Program. The National Science Foundation funded, scholarship for service program provides students applying to or currently pursuing a Master of Science in Computer Forensics and Security Management degree with academic year stipends of $34,000 per year. The purpose of the program is to help prepare a highly qualified workforce to address cybersecurity challenges and threats against the nation's computer and information systems.